- One of the following Microsoft operating systems:
Microsoft SQL Server 2005, 2008 (including R2), or 2012. Express Edition or higher.
Microsoft Internet Information Services (IIS) (internal part of the operating system)
Microsoft .NET Framework 4.5.1. Both 32-bit and 64-bit editions are supported (note that some features of Secret Server require 64-bit to operate).
- Windows Server 2008 (including R2)
- Small Business Server (SBS) is not supported.
- The "Core" (GUI-less) role is not supported. Support is provided in Server 2012.
- Windows Server 2012 (including R2)
- The Essentials edition is not supported due to requiring the Domain Controller role
- The "Core" (GUI-less) role is supported.
- Windows Vista (Ultimate or Business)
- Windows 7
- Windows 8 (including 8.1)
Note Do not plan to install Secret Server on a domain controller. Microsoft ASP.NET will not operate reliably when installed on a domain controller.
Small Installation (<1K Secrets, 1-10 Users):
- Dual-Core 1.6Ghz or higher
- 2 gig ram
- 500MB of disk space + 10 MB of disk space per user per year.
Medium Installation (1K-10K Secrets; 10-100 Users):
- Dual-Core 2Ghz or higher
- 2 gig ram
- 1 GB of disk space + 10 MB of disk space per user per year.
Large Installation (10K+ Secrets, 100+ Users):
Instructions on setting up
Database Mirroring and Disaster Recovery - recommended for medium and large installations.
- Quad-Core 2.0Ghz or higher
- 4 gig ram
- 2 GB of disk space + 10 MB of disk space per user per year.
- Secret Server will operate in a virtualized environment (VMWare or Hyper-V).
- Do NOT install Secret Server on a domain controller (Microsoft ASP.NET does not operate reliably when installed on a domain controller).
- Do NOT install Secret Server on a server running SharePoint.
- You can run Secret Server on the same machine as other applications (Secret Server will require sufficient RAM and CPU to operate normally), however, see the next point:
- For maximum security, you should install the application on dedicated systems or at least systems with applications with the same level of security/sensitivity. Access to these systems should then be restricted. While all sensitive data in Secret Server is either securely hashed or encrypted, it is a security best practice to limit any opportunities for foul play.
- If you intend to use Session Recording, additional disk space will be needed for the database to store the recorded videos. See http://support.thycotic.com/KB/a162/configuring-session-recording.aspx for more information.
The following example is based off of a test instance with 120,000 Secrets:
- The database was 1.6 GB.
- The machine was a Windows 7 instance with an Intel i7 2.67 GHz processor and 6GB of RAM.
- Searching performance is primarily driven by the number of Secrets a user has access to, so in the above example a user searching all folders with View access to all Secrets could see search times of 4-6 seconds. Meanwhile, a user with access to 6,000 Secrets in the same instance will see search queries return in 1-2 seconds. Search times can vary based on data; the fastest search will be for a distinct value in a smaller set of Secrets, the longer searches will be for a generic value in a larger set of Secrets. For example, the search for a Secret named "PRODSRV03\LocalAdmin" will return much faster if the search value is "PRODSRV03" and done in a specific folder than if the search is "Admin" and done at the root level.
- To increase performance, consider putting the database and web application on a separate servers, which will reduce resource contention. Another option is to set up front-end clustering behind a load balancer using the Enterprise Plus edition, which will help scale out the work done on the web server.
Article ID: 51, Created On: 9/11/2009, Modified: 3/21/2014